Security Management Guide (G06.24+, H06.03+)

OSS System Security
Security Management Guide 522283-008
4-8
Process Security Attributes
When a process is created, the real user ID and real group ID are passed to the
descendent process. The effective IDs and saved-set-IDs of the new process can
come from either of two sources: the IDs of its creator (the usual case) or the owner of
the program file (if file-owner adoption was specified through the set-user-ID or set-
group-ID permission bits).
An OSS process can determine its process security attributes by using the function
calls listed in Table 4-3 on page 4-8. For more information about these functions, see
the Open System Services System Calls Reference Manual.
Table 4-2. Security-Related OSS Process Attributes (continued)

| Attribute | Description |
|---|---|
| Effective user ID | The user ID under which the process is currently running. Always kept synchronized with the PAID. The effective user ID is initialized to the same user ID as the real user ID when the process is authenticated. The effective user ID is changed if the process executes a program file that has its set-user-ID bit set. A process can use the setuid() function to change its own effective user ID. |
| Real user ID | The user ID that created the process (not always equal to the CAID). |
| Saved-set-user-ID | A stored user ID that allows a process to switch its effective user ID between the value of the saved-set-user-ID and the real user ID. This switch is accomplished by executing a setuid() function. The saved-set-user-ID is initialized to the same value as the real user ID. The saved-set-user-ID is changed if the process executes a program file that has its set-user-ID bit set. |

Table 4-3. OSS Process-Management Functions

| OSS Function | Description |
|---|---|
| cuserid() | Gets the user name associated with the real user ID of the current process |
| endgrent() | Closes the group database |
| getegid() | Gets the effective group ID of the calling process |
| geteuid() | Gets the effective user ID of the calling process |
| getgid() | Gets the real group ID of the calling process |
| getgrent() | The functions getgrnam() and getgrgid() should be used instead of this function to ensure portability to future systems |
| getgrgid() | Gets group information from the group database |
| getgrnam() | Gets group information from the group database |
| getgroups() | Gets the group list of the current process |
| getlogin() | Gets login name |
| getpgrp() | Gets the process group ID of the calling process |

1. The OSS functions, setreuid() and setregid(), are supported only on systems running G06.27 and later G-series RVUs and H06.05 and later H-series RVUs.
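
The following C example is added here for illustration and is not taken from the manual. It uses standard POSIX calls, several of them listed in Table 4-3, to read the real and effective IDs, detect file-owner adoption, and switch the effective IDs back to the real ones. The names proc_ids, read_proc_ids, ids_adopted and revert_to_real_ids are hypothetical, and generic POSIX behavior is assumed rather than verified on an OSS system.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <grp.h>

/* Snapshot of the real and effective IDs (struct name is hypothetical). */
struct proc_ids {
    uid_t ruid, euid;
    gid_t rgid, egid;
    int ngroups;              /* entries in the group list, -1 on error */
};

struct proc_ids read_proc_ids(void) {
    struct proc_ids p;
    p.ruid = getuid();
    p.euid = geteuid();
    p.rgid = getgid();
    p.egid = getegid();
    p.ngroups = getgroups(0, NULL);   /* size 0 asks only for the count */
    return p;
}

/* 1 if an effective ID differs from its real ID, which is what file-owner
 * adoption through the set-user-ID or set-group-ID bit produces. */
int ids_adopted(const struct proc_ids *p) {
    return p->euid != p->ruid || p->egid != p->rgid;
}

/* Switch adopted effective IDs back to the real IDs, group first, and verify.
 * The saved-set-user-ID described in Table 4-2 can still allow a switch back,
 * so treat this as a temporary drop. Returns 0 on success, -1 on failure. */
int revert_to_real_ids(void) {
    if (getegid() != getgid() && setgid(getgid()) != 0) return -1;
    if (geteuid() != getuid() && setuid(getuid()) != 0) return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

int main(void) {
    struct proc_ids p = read_proc_ids();
    struct group *g = getgrgid(p.egid);   /* NULL if not in the group database */
    printf("real      uid=%ld gid=%ld\n", (long)p.ruid, (long)p.rgid);
    printf("effective uid=%ld gid=%ld (%s)\n", (long)p.euid, (long)p.egid,
           g ? g->gr_name : "unknown");
    printf("group list entries: %d\n", p.ngroups);
    if (ids_adopted(&p))
        printf("revert to real IDs: %s\n",
               revert_to_real_ids() == 0 ? "ok" : "FAILED");
    return 0;
}
```

Checking the return value of setuid() and re-reading the IDs afterwards matters because a failed switch leaves the process running with the adopted identity.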